Last Call Review of draft-ietf-mmusic-dtls-sdp-22
review-ietf-mmusic-dtls-sdp-22-secdir-lc-salz-2017-04-06-00

Request Review of draft-ietf-mmusic-dtls-sdp
Requested rev. no specific revision (document currently at 31)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2017-04-06
Requested 2017-03-17
Other Reviews Genart Last Call review of -22 by Paul Kyzivat (diff)
Opsdir Last Call review of -22 by Carlos Pignataro (diff)
Genart Last Call review of -26 by Paul Kyzivat (diff)
Genart Telechat review of -27 by Paul Kyzivat (diff)
Secdir Telechat review of -28 by Rich Salz (diff)
Genart Telechat review of -28 by Paul Kyzivat (diff)
Review State Completed
Reviewer Rich Salz
Review review-ietf-mmusic-dtls-sdp-22-secdir-lc-salz-2017-04-06
Posted at https://mailarchive.ietf.org/arch/msg/secdir/-kf9fuJlDFgkSU1eafJfLy3pJLU
Reviewed rev. 22 (document currently at 31)
Review result Has Nits
Last updated 2017-04-06

Review
review-ietf-mmusic-dtls-sdp-22-secdir-lc-salz-2017-04-06

The term "ufrag" should be explained, or at least have a reference on its first use.  It seems important :)

I think the "fingerprint" reference should be moved up to the bullet list in section 4, from the bullet list in 5.1

Sec 4 uses the term "cryptographic random function" which is not a common security term.  (See https://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator)  I would just say "strong random function"; it's the number of random bits that counts.  Or use CSPRNG as the term.

In Sec 9, it seems like quoting all the old text is way too verbose.  I would just say "replace with the following NEW TEXT"
If it's not replacing an entire section, then say "the nnn paragraphs starting with xxxxx" or similar construct.